Researchers from Check Point Mobile Researcher Team detected several infections in 36 Android devices from different manufacturer. Security breaches in Andorid devices are noting new today but the attack is intressting because the malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain….

Scientists from the Northeastern University in Boston get the most popular out of 100,000 JavaScript libraries, according to their view, and tested on 133,000 websites in which versions the libraries are used.

As a result of their study, they describe that 37 percent of the scanned domains use at least one vulnerable version. At 10 percent, two or more vulnerable JavaScript libraries are in use. In addition, many of the websites analyzed load libraries such as SWFObject and YUI, which no longer receive support.

In their selection, the scientists have chosen widespread libraries such as Bootstrap and jQuery. 75,000 of the websites examined can be found in the Alexa ranking – the rest are randomly selected pages with .com domain.

Microsoft Windows contains a memory corruption bug in the handling of SMB traffic. In particular, Windows fails to properly handle a specially-crafted server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure. By connecting to a malicious SMB server, a vulnerable Windows client system may crash (BSOD) in mrxsmb20.sys.